Search Results (363531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30808 1 Elitecms 1 Elite Cms 2024-11-21 9.8 Critical
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
CVE-2022-30804 1 Elitecms 1 Elite Cms 2024-11-21 6.5 Medium
elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.
CVE-2022-30799 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 7.2 High
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.
CVE-2022-30798 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 7.2 High
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.
CVE-2022-30797 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 9.8 Critical
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.
CVE-2022-30795 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 7.2 High
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.
CVE-2022-30794 1 Online Ordering System Project 1 Online Ordering System 2024-11-21 7.2 High
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.
CVE-2022-30792 1 Codesys 19 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 Sl and 16 more 2024-11-21 7.5 High
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
CVE-2022-30791 1 Codesys 19 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 Sl and 16 more 2024-11-21 7.5 High
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
CVE-2022-30787 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30785 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30783 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30782 1 Openmoney Api Project 1 Openmoney Api 2024-11-21 7.5 High
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.
CVE-2022-30781 1 Gitea 1 Gitea 2024-11-21 7.5 High
Gitea before 1.16.7 does not escape git fetch remote.
CVE-2022-30780 1 Lighttpd 1 Lighttpd 2024-11-21 7.5 High
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
CVE-2022-30777 1 Parallels 1 H-sphere 2024-11-21 6.1 Medium
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
CVE-2022-30776 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
CVE-2022-30775 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
CVE-2022-30770 1 Terminalfour 1 Terminalfour 2024-11-21 6.1 Medium
Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.
CVE-2022-30765 1 Janeczku 1 Calibre-web 2024-11-21 9.8 Critical
Calibre-Web before 0.6.18 allows user table SQL Injection.